Re: pg_hba.conf && ident ...
| От | The Hermit Hacker |
|---|---|
| Тема | Re: pg_hba.conf && ident ... |
| Дата | |
| Msg-id | Pine.BSF.4.21.0005101132330.777-100000@thelab.hub.org обсуждение исходный текст |
| Ответ на | Re: pg_hba.conf && ident ... (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
On Wed, 10 May 2000, Tom Lane wrote:
> The Hermit Hacker <scrappy@hub.org> writes:
> > i pg_hba.conf, that host has:
> > host trends_acctng 216.126.72.30 255.255.255.255 ident sameuser
> > And its the only time we have ident being used ...
> > right now, its the only theory I ahve to work with ...
>
> Bingo. All your cores show the thing waiting inside the ident code:
>
> (gdb) bt
> #0 0x18263890 in recvfrom () from /usr/lib/libc.so.4
> #1 0x1825062b in recv () from /usr/lib/libc.so.4
> #2 0x80ad4d0 in ident (remote_ip_addr={s_addr = 508067544}, local_ip_addr={
> s_addr = 56131288}, remote_port=27631, local_port=14357,
> ident_failed=0xbfbfeeef "�\004\023 \b,\207\024\b\212\217(\030\223���\203\204|�\n\b�\214+\0304P",
> ident_username=0xbfbfeef0 "\004\023 \b,\207\024\b\212\217(\030\223���\203\204|�\n\b�\214+\0304P") at
hba.c:635
> #3 0x80ad912 in authident (raddr=0x82011ac, laddr=0x8201140,
> postgres_username=0x8201261 "db", auth_arg=0x8201304 "sameuser")
> at hba.c:869
> #4 0x80ac5b9 in be_recvauth (port=0x8201000) at auth.c:523
> #5 0x80e0c4a in readStartupPacket (arg=0x8201000, len=292, pkt=0x820101c)
> at postmaster.c:1214
> #6 0x80aeb67 in PacketReceiveFragment (port=0x8201000) at pqpacket.c:102
> #7 0x80e08ad in ServerLoop () at postmaster.c:982
> #8 0x80e039a in PostmasterMain (argc=13, argv=0xbfbffbc4) at postmaster.c:723
> #9 0x80aee43 in main (argc=13, argv=0xbfbffbc4) at main.c:93
> #10 0x8063393 in _start ()
>
> Looking at the code, there doesn't seem to be any defense against a
> broken ident server --- there is no timeout or anything being used here!
> Ugh. Has it always been like this?
>
> Anyway, I think the immediate fix for you is to stop using ident auth
> for that host, at least till we can improve this code...
Once I started scanning with lsof and saw the auth stuff, I clued in and
we disabled the ident stuff ... looking at your backtrace above, I should
have clued in sooner, as I *saw* the ident on line 2, but didn't *see* it
:(
Thanks ...
Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org
В списке pgsql-hackers по дате отправления: